class UsersController < AuthorizedController
  skip_before_filter :login_required
  
  def new
    @body_class = 'signup'
    @user = User.new
  end

  def create
    cookies.delete :auth_token
    # Protects against session fixation attacks, wreaks havoc with request forgery protection. Uncomment at your own risk!
    # request forgery protection has been disabled
    reset_session
    
    @user = User.new(params[:user])
    if @user.save
      self.current_user = @user
      set_flash :success => "Thanks for signing up!"
      redirect_back_or_default('/postings')
    else
      flash.now[:error] = "We couldn't sign you up with that information. Please check the form for errors."
      render :template => 'sessions/new'
    end
  end
end
